... keeps track of critical system files and notifies an administrator when they are altered. (1.6) - Log file Monitor (LFM) - Scan through logs generated by network services looking for attacks Patterns. (1.6) - Honeypot - A deception system that has false services to attract hacker attention. (1.6) b) What are the limitations of host based IDS (HIDS)? (8 marks) Ans: - Traffic overloading can easily crash a HIDS since it is usually installed and running on a platform such as a software OS, (2) - HIDS cannot examine encrypted network traffic passing through. (2) - It is specific to types of systems and makes them impractical for many environments. If the server is running multiple services such as DNS, file sharing, SMTP and so on, the host based IDS system might not be able to detect intrusions. (2) - It runs as a background process and do not have access to the core communication ...

See this essay or coursework document in full right now